Cybersecurity firm CrowdStrike and Delta Air Lines have each filed suit against the other over a faulty software update from CrowdStrike that triggered a Delta operational meltdown in July.
While Atlanta-based Delta filed its case in Fulton County Superior Court on Friday, CrowdStrike filed suit late Friday in federal court.
Attorneys representing CrowdStrike in its suit filed in U.S. District Court in Atlanta wrote: “Delta now attempts to shift blame to CrowdStrike, demanding at least $500 million from CrowdStrike, despite a clause in the agreement governing Delta and CrowdStrike’s relationship that limits any potential damages.”
The outage triggered an unraveling of Delta’s network, with 7,000 Delta flight cancellations over five days. Even as other airlines recovered, Delta passengers around the globe were left stranded and frustrated, sleeping in terminals and unable to get to their destinations for days.
CrowdStrike in its complaint claims that “it was Delta’s own response and IT (information technology) infrastructure that caused delays in Delta’s ability to resume normal operation, resulting in a longer recovery period than other major airlines.” It said it “immediately sought to work with Delta to help remediate the issue.”
The cybersecurity company said it brought its action to court “to make clear that CrowdStrike in no way acted grossly negligent or committed willful misconduct and certainly did not cause the harm that Delta claims.” It also said it seeks to prevent Delta from passing onto CrowdStrike any fines or penalties it may incur, after the U.S. Department of Transportation launched an investigation into the incident.
CrowdStrike contended the federal court has jurisdiction, saying Delta’s “threatened claims and alleged damages” against CrowdStrike depend on the court’s interpretation of federal laws. In its filing, CrowdStrike is seeking declaratory judgment to limit its liability and deem that it was not grossly negligent and did not commit willful misconduct.
Delta responded Monday, saying: “We believe this declaratory action and the alleged bases for federal jurisdiction are meritless. Delta will file a motion to dismiss promptly and looks forward to vindicating its claims in Fulton Superior Court.”
Delta is represented by Boies Schiller Flexner, a well-known law firm cofounded by litigator David Boies. CrowdStrike is represented by Quinn Emanuel, a large business litigation law firm with an international presence, and Atlanta law firm Caplan Cobb.
Delta in its suit alleged CrowdStrike’s faulty software update was catastrophic for the airline, and contended that CrowdStrike is liable to Delta for damages sustained and costs of the suit, citing the more than $500 million in out-of-pocket losses “in addition to reputational harm and future revenue loss.”
CrowdStrike in a Friday response said: “Delta’s claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works, and reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated (information technology) infrastructure.”
About the Author
